iBankCoin

New Analysis Of Guccifer 2.0 Data Destroys Russian Hacking Narrative

A new analysis of the files published by Guccifer 2.0 completely destroys the Russian hacking narrative and the dubious Crowdstrike report it’s based on. Cutting to the chase: the DNC server files were transferred at 23 MB/s on the East Coast of the USA, making it unlikely that a Romanian hacker was behind the breach. In fact, it confirms that at minimum, the first link in the chain was someone with local access via LAN or physical connection.

Elizabeth Lea Vos of Disobedient Media has put together a great article on the bombshell, which is re-posted below with permission.

—–

DNC headquarters

New meta-analysis has emerged from a document published today by an independent researcher known as The Forensicator, which suggests that files eventually published by the Guccifer 2.0 persona were likely initially downloaded by a person with physical access to a computer possibly connected to the internal DNC network. The individual most likely used a USB drive to copy the information. The groundbreaking new analysis irrevocably destroys the Russian hacking narrative, and calls the actions of Crowdstrike and the DNC into question.

The document supplied to Disobedient Media via Adam Carter was authored by an individual known as The Forensicator. The full document referenced here has been published on their blog. Their analysis indicates the data was almost certainly not accessed initially by a remote hacker, much less one in Russia. If true, this analysis obliterates the Russian hacking narrative completely.

The Forensicator specifically discusses the data that was eventually published by Guccifer 2.0 under the title “NGP-VAN.” This should not be confused with the separate publication of the DNC emails by Wikileaks. This article focuses solely on evidence stemming from the files published by Guccifer 2.0, which were previously discussed in depth by Adam Carter.

Disobedient Media previously reported that Crowdstrike is the only group that has directly analyzed the DNC servers. Other groups including Threat Connect have used the information provided by Crowdstrike to claim that Russians hacked the DNC. However, their evaluation was based solely on information ultimately provided by Crowdstrike; this places the company in the unique position of being the only direct source of evidence that a hack occurred.

The group’s President Shawn Henry is a retired executive assistant director of the FBI while their co-founder and CTO, Dmitri Alperovitch, is a senior fellow at the Atlantic Council, which as we have reported, is linked to George Soros. Carter has stated on his website that “At present, it looks a LOT like Shawn Henry & Dmitri Alperovitch (CrowdStrike executives), working for either the HRC campaign or DNC leadership were very likely to have been behind the Guccifer 2.0 operation.” Carter’s website was described by Wikileaks as a useful source of primary information specifically regarding Guccifer 2.0.

Carter recently spoke to Disobedient Media, explaining that he had been contacted by The Forensicator, who had published a document which contained a detailed analysis of the data published by Guccifer 2.0 as “NGP-VAN.”

The document states that the files that were eventually published as “NGP-VAN” by Guccifer 2.0 were first copied to a system located in the Eastern Time Zone, with this conclusion supported by the observation that “the .7z file times, after adjustment to East Coast time fall into the range of the file times in the .rar files.” This constitutes the first of a number of points of analysis which suggest that the information eventually published by the Guccifer 2.0 persona was not obtained by a Russian hacker.

Image via The Forensicator

The Forensicator stated in their analysis that a USB drive was most likely used to boot a Linux OS on a computer that either contained the alleged DNC files or had direct access to them. They also explained to us that in this situation one would simply plug a USB drive with the Linux OS into a computer and reboot it; after restarting, the computer would boot from the USB drive and load Linux instead of its normal OS. A large amount of data would then be copied to this same USB drive.

In this case, additional files would have been copied en masse, to be “pruned” heavily at a later time when the 7zip archive now known as NGP-VAN was built. The Forensicator wrote that if 1.98 GB of data had been copied at a rate of 22.6 MB/s and the time gaps that were noticed at the top level of the NGP-VAN 7zip file were attributed to additional file copying, then approximately 19.3 GB in total would have been copied. In this scenario, the 7zip archive (NGP-VAN) would represent only about 10% of the total amount of data that was collected.

The very small proportion of files eventually selected for use in the creation of the “NGP-VAN” files were later published by the creators of the Guccifer 2.0 persona. This point is especially significant, as it suggests the possibility that up to 90% of the information initially copied was never published.

The use of a USB drive would suggest that the person first accessing the data could not have been a Russian hacker. In this case, the person who copied the files must have physically interacted with a computer that had access to what Guccifer 2.0 called the DNC files. A less likely explanation for this data pattern, in which large time gaps were observed between top-level files and directories in the 7zip file, is the use of ‘think time’ to select and copy 1.9 GB of individual files, copied in small batches with think time interspersed. In either scenario, Linux would have been booted from a USB drive, which fundamentally necessitates physical access to a computer with the alleged DNC files.

The Forensicator considered ‘think time’ the less likely explanation for the time gaps in the available data pattern; more likely, a large amount of data was copied instantaneously and later “pruned” when Guccifer 2.0’s publication of the NGP-VAN files was produced.

Both the most likely explanation and the less likely scenario provided by The Forensicator’s analysis virtually exclude the possibility of a Russian or remote hacker gaining external access to the files later published as “NGP-VAN.” In both cases, the physical presence of a person accessing a computer containing DNC information would be required.

Importantly, The Forensicator concluded that the chance that the files had been accessed and downloaded remotely over the internet was too small to give this idea any serious consideration. He explained that the calculated transfer speeds for the initial copy were much faster than can be supported by an internet connection. This is extremely significant and completely discredits allegations of Russian hacking made by both Guccifer 2.0 and Crowdstrike.

This conclusion is further supported by analysis of the overall transfer rate of 23 MB/s. The Forensicator described this as “possible when copying over a LAN, but too fast to support the hypothetical scenario that the alleged DNC data was initially copied over the Internet (esp. to Romania).” Guccifer 2.0 had claimed to originate in Romania. So in other words, this rate indicates that the data was downloaded locally, possibly using the local DNC network. The importance of this finding in regards to destroying the Russian hacking narrative cannot be overstated.
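The two inferences described above, a copy rate derived from file times and time gaps attributed to files that were copied but left out of the archive, can be worked through on a small listing. This is an added example, not The Forensicator's code or data: the listing is constructed, and the 30-second gap threshold, decimal megabytes and the reading of each mtime as the moment that file finished copying are assumptions made here.

```python
from datetime import datetime, timedelta

MB = 1_000_000          # assumption: decimal megabytes
GAP_THRESHOLD_S = 30    # assumption: longer intervals count as gaps

def constructed_listing():
    """Constructed (mtime, size_bytes) records; not data from the archive."""
    t0 = datetime(2000, 1, 1, 12, 0, 0)
    rows = [(0, 40), (2, 40), (5, 60), (105, 20), (106, 20), (110, 80)]
    return [(t0 + timedelta(seconds=s), mb * MB) for s, mb in rows]

def analyze(listing, gap_threshold_s=GAP_THRESHOLD_S):
    """Estimate copy rate from bursts, then extrapolate what the gaps could hold.

    Assumes each mtime marks the moment that file finished copying, so the
    interval before it is the time spent writing it. mtimes are writable
    metadata, so the result is only as reliable as the timestamps.
    """
    files = sorted(listing)
    burst_bytes = burst_s = 0.0
    gaps = []                                   # (interval_seconds, file_size)
    for (prev_t, _), (t, size) in zip(files, files[1:]):
        dt = (t - prev_t).total_seconds()
        if dt <= gap_threshold_s:
            burst_bytes += size
            burst_s += dt
        else:
            gaps.append((dt, size))
    if burst_s == 0:
        raise ValueError("no back-to-back files; rate cannot be estimated")
    rate = burst_bytes / burst_s                # bytes per second
    # Gap time not explained by the file that ends the gap, at the burst rate.
    unexplained_s = sum(max(dt - size / rate, 0.0) for dt, size in gaps)
    archived = sum(size for _, size in files)
    total = archived + rate * unexplained_s     # if gaps were all copying
    return {
        "rate_mb_s": rate / MB,
        "unexplained_gap_s": unexplained_s,
        "archived_mb": archived / MB,
        "estimated_total_mb": total / MB,
        "archived_fraction": archived / total,
    }

if __name__ == "__main__":
    for key, value in analyze(constructed_listing()).items():
        print(f"{key}: {value:.3f}")
```

With the article's own figures, the same ratio is 1.98 GB out of 19.3 GB, which is about 10%.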

If the data is correct, then the files could not have been copied over a remote connection and therefore cannot have been “hacked by Russia.”

The use of a USB drive would also strongly suggest that the person copying the files had physical access to a computer most likely connected to the local DNC network. Indications that the individual used a USB drive to access the information over an internal connection, with time stamps placing the creation of the copies in the East Coast Time Zone, suggest that the individual responsible for initially copying what was eventually published by the Guccifer 2.0 persona under the title “NGP-VAN” was located in the Eastern United States, not Russia.

The implications of The Forensicator’s analysis, in combination with Adam Carter’s work, suggest that at the very least, the Russian hacking narrative is patently false. Adam Carter has a strong grasp on the NGP-VAN files and Guccifer 2.0, with his website on the subject called a “good source” by Wikileaks via Twitter. Carter told Disobedient Media that in his opinion the analysis provided by The Forensicator was accurate, but added that if changes are made to the work in future, any new conclusions would require further vetting.

On the heels of recent retractions by legacy media outlets like CNN and The New York Times, this could have serious consequences, if months of investigation into the matter by authorities are proven to have been based on gross misinformation based solely on the false word of Crowdstrike.

Assange recently lamented widespread ignorance about the DNC Leak via Twitter, specifically naming Hillary Clinton, the DNC, the White House and mainstream media as having “reason” to suppress the truth of the matter. As one of the only individuals who would have been aware of the source of the DNC Leaks, Assange’s statement corroborates a scenario where the DNC and the parties described in Adam Carter’s work, likely to have included Crowdstrike, may have participated in “suppressing knowledge” of the true origins and evidence surrounding the leak of the DNC emails by confusing them with the publication of the Guccifer 2.0 persona.

Despite Guccifer 2.0’s conflicting reports of having both been a Russian hacker and having contact with Seth Rich, the work of The Forensicator indicates that neither of these scenarios is likely true. What is suggested is that the files now known as “NGP-VAN” were copied by someone with access to a system connected to the DNC internal network, that this action had no bearing on the files submitted to Wikileaks, and that the files were most likely unassociated with Seth Rich and definitively not remotely “hacked” from Russia.


12 comments

  1. mistermoe

    Bullshit and lies. Stop trying to undermine our intelligence agencies. When they come for you retards, prepare for an aquatic experience.

  2. Dr. Fly

    I agree. The CIA is only trying to protect America. Enough with the need for proof.

  3. juice

    leave the facts out of this case .. the amurican peoples need to be protected from reality .. we cannot handle the truth

  4. sarcrilege

    When did facts and truth ever mattered to the docile, over-medicated, stupefied, iCrap addicted, fat and lazy left leaning populace? Ever? ..Too many example to cite, i.e. 9/11 was completely debunked and shown that it was Mossad/CIA operation, yet the joornalists fed by the deep state brazenly continue to claim that 9/11 was done by fewer than a dozen camel riding, goat fucking, pedophile worshiping moozlims.

  5. nancy

    Didn’t PUTIE already do that!!

  6. LongDouche

    TLDR. Over the last year you’ve generated a lot of text trying to prove nothing is actually something and that something is actually nothing. Hope you’re getting paid for it.

  7. mistermoe

    You are a 911 truther. Pardon my lack of civility but go fuck yourself with a sandpaper condom.

  8. traderconfessions

    You go with the Forensicator.. some anonymous source as cuckpots would say.. and I’ll go with seasoned intelligence officials. My god SAC.. enough already ..9/11 was debunked?? Stop embarrassing yourself already. More pathetic every day. Even Ironbird laughs at you.

    Zero.. your arms must be aching from reaching so far. Don’t hurt yourself!!

  9. maybe

    Seth Rich was the first?

  10. Cricket

    Must have touched a nerve? Mr Moe, Trader, LongD all bleating and screeching today. Is your reality beginning to crumble? C’mon and join the Trump train.

    Wouldn’t surprise me if DNC private intelligence agency Fusion GPS was involved. They are being connected now with just about every false smear operation.

  11. moonshot

    I don’t believe the Muh Russia conspiracy wacko theory, at all. I think the Hillary campaign has more evidence of Russian collusion than the Trump campaign, by far.

    That said, it is overreaching to say that the evidence from Forensicator DESTROYS Russian hacking as a possibility. Just a few counter scenarios off the top of my head:

    1. Russian Hacker (RH) hacked into another host on the DNC LAN, accessed the file server in question across the LAN and copied the files to that other host before transferring over the Internet.

    2. The DNC has decent enough wifi and a RH or their co-conspirator in DC drove by the DNC, hacked the wifi, and copied the files at full wifi speeds.

    3. The attack happened as Forensicator described (physical access to the machine) by someone conspiring with / hired by a RH, such as a janitor.

    4. The timestamps were modified to give the appearance of an Eastern timezone and LAN copy speeds. Trivial to do and if Forensicator looks at things this way, certainly a smart / experienced hacker could as well and cover their tracks.

    While I agree this makes the Russian hacking story more far fetched and unlikely, and Occam’s Razor would point to their analysis being correct, I don’t think you can say this conclusively rules out Russian hacking as a possibility.

  12. LongDouche

    Go apply at the NSA, CIA or DIA. We need people of your talent there.

